Part of the Security Engineering team, responsible for co-developing solutions and automation workflows to improve the overall security posture of PayNet.
Serve as a change agent in automation initiatives, building pipelines to enhance operational efficiency.
Ensure that sound security controls are in place, commensurate with business operations and the risks posed.
Key Areas Of Responsibilities
Serves as a member of the technical committee and as a point of reference for the team in the following areas:
Development and Operations, with a strong emphasis on Python as the primary requirement, specializing in:
Automated solutioning to support both strategic and tactical plans, including operations and engineering (Python is essential; familiarity with Ansible, Terraform, Robot Framework, and Playwright is advantageous).
Ownership of assigned projects and tasks, including engineering, testing (such as code analysis/SAST for vulnerabilities, code smells, etc.), and release activities, by building custom integrations and tooling within the existing CI/CD pipeline; practices GitOps (GitLab, Docker, Kubernetes, Helm, ArgoCD).
Designing, developing, and maintaining internal systems, including the internal asset inventory system and the vulnerability management system, to improve automation, visibility, accuracy, and security operations.
Monitoring & Observability: Deploying, integrating, and managing monitoring/observability metrics using open-source solutions (Telegraf, InfluxDB, Prometheus, Grafana) for application performance, utilization, and health monitoring.
Process & Quality Improvement: Developing and enhancing existing processes, automation, best practices, and documentation.
Asset & Capacity Management: Performing operational and strategic management of hardware and software assets, including solutioning and capacity planning, to improve the overall security posture of PayNet.
Asset Inventory Integrity: Ensuring the effectiveness and accuracy of the integrated asset inventory, with timely updates.
API Development: Being well-versed in API gateway development and RESTful APIs for integration with other systems, and adopting an API-first approach.
Cross-Department Collaboration: Managing communication and collaborative efforts across departments/divisions throughout the lifecycle of hardware and software models.
Cyber Resilience Support: Serving as a supporting member of the Cyber Resilience initiative, primarily driven by BNM's RMiT requirements and organizational/business needs.
Security Awareness: Staying abreast of industry security practices relevant to technologies adopted by PayNet.
Special Projects: Participating in special project teams (based on core capabilities) related to information security, as needed, to respond to ad-hoc or unexpected security events, or as required by business and technological developments.
Source Code Review: Performing source code reviews using code-scanning tools; reviewing and validating scan results; and preparing reports with recommended remediations and areas for improvement.
Qualifications
Technical Qualifications
Bachelor's degree in Computer Science, Information Systems Technology, or Software Engineering.
Experience across Development and Operations, including tooling and platforms such as Kubernetes, Terraform, Ansible, Prometheus, Telegraf, InfluxDB, Grafana, GitLab or Jenkins.
13 years of relevant experience in Information Technology, with proven technical capabilities in Software Development, IT Operations, Service Management, and/or Data Centre Management.
Relevant work experience in the Financial Services and/or Technology sectors is an added advantage.
Excellent command of both English and Bahasa Malaysia.
Additional Requirements
Strategic in planning and organizing, with effective interpersonal and project management skills.
An added advantage if in possession of relevant industry-recognized certifications such as Python, Linux, Kubernetes, or information security certifications (e.g., CISSP, CEH).
